As with a sensor network, there is a system where a large number of clients, which are placed under various environments, collect information to be uploaded through a network to a server for information collection. When such a system is used, it is possible to recognize information of remote places through the network from the clients placed under the environments, and to improve the operational efficiency compared with a method where someone travels around every single place to manage the information.
For example, Patent Document 1 discloses an example of the sensor network. FIG. 16 is an explanatory diagram showing the example of the sensor network disclosed in Patent Document 1. As shown in FIG. 16, a sensor network 900 disclosed in Patent Document 1 includes a plurality of sensor devices (clients) 901 . . . which each have a radio communication function, and external applications (servers) 921, 922, 923 . . . .
There are various purposes to use the sensor network 900, and it can be used in every field such as crime prevention, disaster prevention, nursing care, energy saving, and wide-area measurement and tracing. For example, in the field of nursing care, it is possible to monitor heart rates, body temperatures, posture, motions of limbs, emergency, and the like by using the sensor devices 901. The sensor devices 901 themselves generally do not have advanced processing ability due to problems such as manufacturing costs and power consumption thereof.
The sensor network which has the above-mentioned configuration operates as follows. Namely, when data from a large number of clients widely placed under the environments is collected to the server in the sensor network, a path by radio communication to the server is established, and each client transmits information through the established radio communication path.
Further, when personal or corporate privacy information, confidential information, or the like is included in the information to be transmitted by the client, the client needs to confirm (authenticate) whether or not the destination server is a legitimate server before uploading the information. In this case, under environment where there is restriction in processing ability as with the client in the sensor network, it is difficult to implement a process in which public key encryption is used in order to execute an authentication process. Therefore, there is adopted a message authentication in which common key encryption or a hash function with a key is used.
Specifically, as disclosed in, e.g., Non-Patent Document 1, specific secret information (encryption key) is preliminarily and secretly stored between the server and each client on one to one basis. Then, information for authentication called a message authentication code is generated based on the encryption key preliminarily shared, and the message authentication code is added to a message to be transmitted. The message authentication code is the one which can be generated only by any one of the server and the client sharing the encryption key. The server and the client confirm coincidence of the generated information with each other, thereby authenticating a transmission source of the message. In this case, a message authentication code which is generated for a message “m” based on an encryption key “k” can be represented as an expression (1).MAC(k, m)  (1)
As a specific method of configuring the message authentication code, e.g., Non-Patent Document 2 discloses a method of configuring the message authentication code by using the common key encryption. Further, e.g., Non-Patent Document 3 discloses a method of configuring the message authentication code by using the hash function with the key. Note that the method of configuring the message authentication code is not limited to these methods, and another configuring method which can be implemented on the client may be used.
For example, consider a case of configuring a sensor network in which a certain client uploads data in response to only an information request from a legitimate server. In this case, as represented in, e.g., an expression (2), the server generates a message authentication code for a message req_cmd which indicates a transmission request of data, by using the encryption key “k” which has been shared with each client. Then, as represented in the expression (2), the server transmits the generated message authentication code to each client together with the message req_cmd. In the expression (2), “∥” means a concatenation of data.req_cmd∥MAC(k, req_cmd)  (2)
The client, which shares the same encryption key with the server, confirms whether or not the message req_cmd is transmitted from the legitimate server. In this case, the client reconfigures the message authentication code with the encryption key owned by the client itself, and compares the reconfigured message authentication code with the incoming message authentication code, thereby determining whether or not the message authentication codes coincide with each other. Since it can be confirmed that the message is the one from the legitimate server when the message authentication codes coincide with each other, the client operates so as to upload data after the confirmation.
Note that the encryption key secretly stored at each of the server and the client is generally premised on being securely managed, by operation such as use of a device against tampering disclosed in, e.g., Patent Document 2 (that is, a device which makes it very difficult to illegally leak internal confidential information). Hereinafter, assume that the description as “secretly store” means to secretly store information under the premise that the illegal leak is very difficult by such operation.    [Patent Document 1]    Japanese Unexamined Patent Application Publication No. 2007-34737 (pages 5 to 6, FIG. 9)    [Patent Document 2]    Japanese Unexamined Patent Application Publication No. 2007-234039 (page 6)    [Non-Patent Document 1]    Shiro SAKATA, et al., “ZigBee Sensor Network”, Shuwa System, 2005, p.p. 118    [Non-Patent Document 2]    FIPS PUB 113—Computer Data Authentication—the Federal Information Processing Standard publication that defines the Data Authentication Algorithm, [retrieved on 2007-12-25], Retrieved form the Internet <URL: www.itl.nist.gov/fipspubs/fip113.htm>    [Non-Patent Document 3]    RFC 2104 HMAC: Keyed-Hashing for Message Authentication, [retrieved on 2007-12-25], Retrieved form the Internet <URL: http://tools.ietf.org/html/rfc2104>